CVE-2020-7301 is a vulnerability in McAfee Data Loss Prevention
Published on August 12, 2020

DLP ePO extension - Cross site scripting
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2020-7301 has been classified to as a XSS vulnerability or weakness.

Products Associated with CVE-2020-7301

Want to know whenever a new CVE is published for McAfee Data Loss Prevention? stack.watch will email you.

McAfee Data Loss Prevention

Affected Versions

McAfee DLP ePO extension:

Version 11.3 and below 11.3.28 is affected.
Version 11.4 and below 11.4.200 is affected.
Version 11.5 and below 11.5.3 is affected.

Exploit Probability

EPSS

0.44%

Percentile

63.07%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.